Bug 25675

Summary: libvpx new security issues CVE-2019-9232, CVE-2019-9325, CVE-2019-9433
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: cjw, zombie.ryushu
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7TOO
Source RPM: libvpx-1.8.1-2.mga8.src.rpm CVE:
Status comment:

Description David Walser 2019-11-09 15:14:42 CET 
Chromium has fixed issues in its bundled copy of libvpx:
https://www.openwall.com/lists/oss-security/2019/11/07/1

Links to the fixes are in the message above.
David Walser 2019-11-09 15:14:51 CET

Whiteboard: (none) => MGA7TOO

Comment 1 David Walser 2019-11-09 15:34:59 CET 
The fixes are actually in Android, not Chromium.
Comment 2 Christiaan Welvaart 2019-11-09 15:54:41 CET 
Looking at upstream git tags I get the following:

CVE-2019-9325
	included in libvpx v1.8.1 so fixed in cauldron
	included in libvpx v1.8.0 so fixed in mga7

CVE-2019-9232
	included in libvpx v1.8.1 so fixed in cauldron
	included in libvpx v1.8.0 so fixed in mga7

CVE-2019-9433
	included in libvpx v1.8.1 so fixed in cauldron
	included in libvpx v1.8.0 so fixed in mga7

CC: (none) => cjw

Comment 3 David Walser 2019-11-09 16:14:28 CET 
Thanks!

Resolution: (none) => INVALID
Status: NEW => RESOLVED

Comment 4 David Walser 2019-11-28 16:27:46 CET 
*** Bug 25775 has been marked as a duplicate of this bug. ***

CC: (none) => zombie.ryushu